salvo-auth

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt includes hardcoded secret-like values (SECRET_KEY, session cookie secret, API key, passwords, valid_token) and example comparisons that require emitting those secrets verbatim in generated code or handlers, creating an exfiltration risk.